Windows 10: Security and Freedom

All too often in life the choice isn’t between the good thing and bad thing, but between two conflicting interests. For instance, an organisation could be investing in building a new airport. It might employ a lot of people and boost the local economy – but if it takes away land from the area’s businesses and farms the airport might actually be bad for the local economy.

The point is that sometimes things aren’t black and white, and if you’re in enterprise IT there aren’t many people who know this better than you. On the one hand, you need to give your users access to corporate data from wherever they happen to be. You need to let them use their own devices. You need to make sign-in procedures fast and intuitive, so they can get straight down to business. In short, you need to give your users what they need to help your business thrive.

But on the other hand you have a duty to protect your organisation and its data. You also have a duty to protect your users and their own devices and information. If you impose tight security, you’ll safeguard everyone – but you’ll also be restricting them in a way they’ll find unacceptable. You can’t win.

Win-win with Windows 10

Actually, you can. Windows 10 has been designed to look both ways – to empower people of action to do great things while at the same time paying full attention to the security needs of the enterprise. Here’s how:

  • Microsoft Passport – this two-factor authentication solution is an alternative to a password. A user device is one factor and the other is biometric or a PIN. It’s robust, but also and importantly it isn’t a hassle
  • Windows Hello – this is the biometric option in Microsoft Passport and can also be used to unlock devices and other credentials. It can check users’ faces, irises or fingerprints
  • Enterprise credential protection – Derived credentials are drawn from elsewhere and held typically in a mobile device for single sign-in (SSO). Windows 10 uses hardware-based methods to isolate and help protect derived credentials from malware and attackers
  • Enterprise data protection – Windows 10 can automatically identify corporate apps and data and protect them with file-level encryption while at the same time preventing corporate content from leaking unprotected to unauthorized locations. You’re always in control: you define the policies, and you can remotely wipe corporate data on demand while leaving personal data untouched. What’s also great is that it works behind the scenes so it doesn’t interrupt busy users on mobiles or desktops
  • Device Guard – Windows 10 uses hardware-based virtualisation to isolate and protect Device Guard features such as the Hyper-V Code Integrity Service from malware and attacks. It also enables you to rank software vendors and apps in terms of their perceived trustworthiness so you can lock down devices, granting access only to apps from trusted sources

In fact, Windows 10 has many more advantages. For a quick summary of everything it can do for you, watch this short animation.

What’s great about the security features is that they put you in control. You get to impose security levels you know will be right for your enterprise, but you’re keeping it all in the background. Everyone’s playing by your rules but not to a level where they’re inconvenienced by them – and what’s more, it’s all in their own interests as much as anyone else’s.

It’s the ultimate modern car seat belt: it gives you freedom of movement at all times except for those dangerous occasions when everyone’s grateful they’ve been kept safe.

Conflicting interests? Not anymore. Thank you, Windows 10. Win-win.

Download the Modern Workplace Watchdog eBook